CLAIMS 



Claims 6-54 remain in the application. Claims 6, 8, 10, 18, 24, 29, 31, and 39 
have been amended. No claims have been cancelled or added. 

Listing of Claims: 

1-5. (Canceled). 

6. (Currently Amended) A network device comprising: 
at least one processor; 
memory; 
I/O; and 

at least one virtual router in the memory, said at least one virtual router including 
a network interface, wherein the at least one virtual router is associated to an unique 
network domai n, the at least one virtual router forwards data within the unique network 
domain and the at least one virtual router is one of a plurality of virtual routers in the 
memory ; 

a sub-interface data structure in the memory; and 

a binding data structure in the memory which binds the network interface to the 
sub-interface data structure. 
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7. (Presently Amended) The network device of claim 6 wherein, 
the network interface is a layer 3 network interface; 

the sub-interface data structure is a layer 2 interface data structure; and 
the binding data structure is layer 2/3 binding structure which binds the layer 3 
network interface to the layer 2 interface data structure. 

8. (Currently Amended) An electronic memory encoded with: 

at least one virtual router, said at least one virtual router including a network 
interface, where the at least one virtual router is associated to an unique network domain^ 
the at least one virtual router forwards data within the unique network domain and the at 
least one virtual router is one of a plurality of virtual routers in the memory ; 

a sub-interface data structure; and 

a binding data structure which binds the network interface to the sub-interface 
data structure. 

9. (Presently Amended) The electronic memory of claim 8 wherein: 
the network interface is a layer 3 network interface; 

the sub-interface data structure is a layer 2 interface data structure; and 
the binding data structure is a layer 2/3 binding data structure which binds the 
layer 3 interface to the layer 2 interface data structure. 
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10. (Currently Amended) A method of creating a link in at least one network domain 
comprising: 

providing a network device including an electronic memory encoded with at least 
one virtual router which includes at least one network interface, wherein the at least one 
virtual router is associated to an unique network domain, the at least one virtual router 
forwards data within the unique network domain and the at least one virtual router is one 
of a plurality of virtual routers in the memory ; 

providing at least one sub-interface data structure encoded in the electronic 
memory; and 

binding the at least one network interface to the at least one sub-interface data 
structure. 

11. (Original) The method of claim 10 wherein binding includes creating a binding 
data structure that binds the at least one network interface to the at least one sub-interface 
data structure. 

12. (Original) The method of claim 10 further comprising: 

providing at least one other network interface encoded in the electronic memory; 
and 

binding the at least one other network interface to the at least one sub-interface 
data structure. 
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13. (Original) The method of claim 12 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

14. (Original) The method of claim 10 further comprising: 

providing at least one other sub-interface data structure encoded in the electronic 
memory; and 

binding the at least one network interface to the at least one other sub- interface 
data structure. 

15. (Original) The method of claim 14 further including: 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure. 

16. (Original) The method of claim 10, 

wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

binding the at least one other network interface to the at least one sub-interface 
data structure; 
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wherein binding the at least one other network interface to the at least one sub- 
interface data structure includes creating a binding data structure that binds the at least 
one other network interface to the at least one sub-interface data structure; and 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

17. (Original) The method of claim 10, 

wherein binding the at least one network interface to the at least one sub-interface 
data structure includes creating a binding data structure that binds the at least one network 
interface to the at least one sub-interface data structure; and further including: 

providing at least one other network interface encoded in the electronic memory; 

providing the at least one other sub-interface data structure encoded in electronic 
memory; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 

wherein binding the at least one network interface to the at least one other sub- 
interface data structure includes creating a binding data structure that binds the at least 
one network interface to the at least one other sub-interface data structure; 

binding the at least one other network interface to the at least one other sub- 
interface data structure; 



Attorney's Docket No. 4906.P001D 



6 



App. No. 10/020,388 



wherein binding the at least one other network interface to the at least one other 
sub-interface data structure includes creating a binding data structure that binds the at 
least one other network interface to the at least one other sub-interface data structure; 

eliminating the binding of the at least one network interface to the at least one 
sub-interface data structure while leaving the at least one network interface intact. 

18. (Currently Amended) A method of creating a link in a network domain 
comprising: 

providing a network device including an electronic memory encoded with a first 
virtual router which includes at least one first network interface and with a second virtual 
router which includes at least one second network interface , wherein the first virtual 
router is coupled to a first network domain, and the second virtual router is coupled to a 
second network domain ; 

providing at least one first sub-interface data structure encoded in the electronic 
memory; 

providing at least one second sub-interface data structure encoded in the electronic 
memory; 

binding the at least one first network interface to the at least one first sub-interface 
data structure , wherein the first virtual router forwards data within the first network 
domain through the first network interface ; and 
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binding the at least one second network interface to the at least one second sub- 
interface data structure , wherein the second virtual router forwards data within the second 
network domain through the second network interface . 

19. (Original) The method of claim 18 wherein, 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 

20 (Original) The method of claim 18 further including: 

binding the at least one second network interface to the at least one first sub- 
interface data structure; and 

eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

21. (Previously Presented) The method of claim 18 further including: 

providing respective first and second network databases associated with the 
respective first and second virtual routers wherein such respective first and second 
databases include one or more types of control information used to manage or monitor 
operations, selected from the group consisting of: network (layer 3) addressing, layer 3 
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connections, routing, routing protocols, route filters and policies, tunneling, tunneling 
protocols. 

22. (Previously Presented) The method of claim 18 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual routers wherein such respective first and second 
databases include control information used to manage or monitor operations, selected 
from the group consisting of: network (layer 3) addressing, layer 3 connections, routing, 
routing protocols, route filters and policies, tunneling, tunneling protocols; 

binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; and 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure. 

23. (Previously Presented) The method of claim 18 further including: 
providing respective first and second network databases associated with the 

respective first and second virtual routers wherein such respective first and second 
databases include one or more types of control information used to manage or monitor 
operations, selected from the group consisting of: network (layer 3) addressing, layer 3 
connections, routing, routing protocols, route filters and policies, tunneling, tunneling 
protocols; 
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binding the at least one first network interface to the at least one first sub-interface 
data structure includes creating a first binding data structure; 

binding the at least one second network interface to the at least one second sub- 
interface data structure includes creating a second binding data structure; 

binding the at least one second network interface to at least one first sub-interface 
data structure; and 

eliminating the binding of the at least one second network interface to the at least 
one second sub-interface data structure. 

24. (Currently Amended) A method of creating links between multiple subscriber end 
stations and multiple network domains comprising: 

providing a network device including an electronic memory encoded with 
multiple respective virtual routers, each of said respective virtual routers including a_ 
separate respective corresponding network databases which includes respective control 
information to forward data within a respective network domain , said each of respective 
virtual routers respectively each including at least one respective network interface for a 
the respective network domain; 

providing respective subscriber records in an electronic memory that 
include respective information as to network domains to which respective subscriber end 
stations of respective subscribers may can access; 

providing multiple respective sub-interface data structures in the electronic 
memory respectively associated with respective subscribers; 
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searching respective subscriber records to identify respective network 
domains that may be accessed by a respective subscriber end station of a respective 
subscriber; and 

creating respective binding data structures that respectively bind respective 
sub-interface data structures respectively associated with respective subscribers to 
respective network interfaces for respective network domains identified from searching 
respective subscriber records. 

25. (Original) The method of claim 24 further including: 

providing respective subscriber authentication information and respective 
subscriber authorization information in respective subscriber records; 

providing subscriber authentication and authorization services; and 
authenticating and authorizing subscriber access to respective network domains 
using respective subscriber records and the subscriber authentication and authorization 
services. 

26. (Original) The method of claim 24 wherein, 

the multiple respective sub-interface data structures include multiple respective 
virtual circuits. 

27. (Original) The method of claim 24 further including: 
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providing in respective subscriber records multiple possible network domain 
binding options for a respective subscriber. 

28. (Original) The method of claim 24 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for a respective subscriber. 

29. (Currently Amended) A subscriber management system comprising: 

a network device including an electronic memory encoded with multiple 
respective virtual routers in the memory, each of said respective virtual routers including 
a separate corresponding respective network databases which includes respective control 
information to forward data within a respective network domain , said each of respective 
virtual routers respectively including at least one respective network interface to a the 
respective network domain; 

respective subscriber records in an electronic memory that include respective 
information as to network domains to which respective subscriber end stations of 
respective subscribers may be are bound; 

multiple respective sub-interface data structures in the electronic memory 
respectively associated with respective subscribers; 
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a computer program in electronic memory that searches respective subscriber 
records to identify respective network domains that may be accessed by respective 
subscriber ends stations of respective subscribers; and 

respective binding data structures that respectively bind respective sub-interface 
data structures associated with respective subscribers to respective network interfaces to 
respective network domains identified from searching respective subscriber records. 

30. (Original) The system of claim 29 wherein, 

information in respective subscriber records identify multiple respective possible 
network domains to which respective subscriber end stations of respective subscribers 
may be bound; and 

information in respective subscriber records provide respective criteria for 
selecting between multiple respective network domains for respective subscribers. 

3 1 . (Currently Amended) A network device comprising: 
at least one processor; 

memory; 
I/O; 

at least one virtual bridge in the memory, said at least one virtual bridge including 
a network interface , wherein the at least one virtual bridge is associated to an unique 
network domain, the at least one virtual bridge forwards data within the unique network 
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domain and the at least one virtual bridge is one of a plurality of virtual bridges in the 
memory ; 

a sub-interface data structure in the memory; and 

a binding data structure in the memory which binds the network interface to the 
sub-interface data structure. 

32. (Previously Presented) The network device of claim 3 1 wherein, 
the network interface is a layer 2 network interface; 

the sub-interface data structure is a layer 2 interface data structure; and 
the binding data structure is layer 2/2 binding structure which binds the layer 2 
network interface to the layer 2 interface data structure. 

33. (Previously Presented) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a physical interface, the physical interface coupled to a network; and 
a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
router network interface to the first physical interface, wherein the first virtual router 
routes packets according to the first database within a first network domain through the 
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first virtual router network interface and the first physical interface, and wherein the 
second virtual router routes packets according to the second database within a second 
network domain. 

34. (Previously Presented) The apparatus of claim 33, further comprising: 

a second physical interface, the second physical interface coupled to the network, 
wherein the set of instructions further causes the single network device to bind with 
another data structure the second virtual router network interface to the second physical 
interface, and wherein the second virtual router routes packets through the second virtual 
router network interface and the second physical interface. 

35. (Previously Presented) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of one or more processors to instantiate a first virtual router comprising a 
network interface and a first database, to instantiate a second virtual router comprising a 
network interface and a second database, and to bind with a data structure the first virtual 
router network interface to a first virtual circuit, wherein the first virtual router routes 
packets according to the first database within a first network domain through the first 
virtual router network interface and the first virtual circuit, and wherein the second virtual 
router routes packets according to the second database within a second network domain. 



Attorney's Docket No. 4906.P001D 



15 



App. No. 10/020,388 



36. (Previously Presented) The apparatus of claim 35, further comprising: 

a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to bind with another data 
structure the second virtual router network interface to the second virtual circuit, and 
wherein the second virtual router routes packets through the second virtual router network 
interface and the second virtual circuit. 

37. (Previously Presented) An apparatus comprising: 
a single network device including, 

a set of one or more processors; and 

a machine-readable medium having stored therein a set of instructions to 
cause the single network device to instantiate a first virtual bridge comprising a network 
interface and a first database, to instantiate a second virtual bridge comprising a network 
interface and a second database, and to bind with a data structure the first virtual bridge 
network interface to a first virtual circuit, wherein the first virtual bridge switches packets 
according to the first database within a first network domain through the first virtual 
bridge network interface and the first virtual circuit, and wherein the second virtual 
bridge switches packets according to the second database within a second network 
domain. 

38. (Previously Presented) The apparatus of claim 37, further comprising: 
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a second virtual circuit, the second virtual circuit coupled to the network, wherein 
the set of instructions further causes the single network device to bind with another data 
structure the second virtual bridge network interface to the second virtual circuit, and 
wherein the second virtual bridge switches packets through the second virtual bridge 
network interface and the second virtual circuit. 



39. (Currently Amended) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a first plurality of ports to communicate packets of a plurality of 

subscribers; 

a second plurality of ports to communicate packets; and 
a machine-readable medium having stored therein a set of instructions to 
cause the set of processors to, 

instantiate a plurality of virtual network machines, wherein the 
plurality of virtual network machines are virtually independent but share a 
set of physical resources within the single network device, wherein each of 
the plurality of virtual network machines is one of a virtual router and a 
virtual bridge, and wherein each of the plurality of virtual network 
machines belong to a different network domain, 

receive subscriber records associated with the plurality of 
subscribers, wherein each of the plurality of subscribers are associated 
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with a virtual circuit on one of the first plurality of ports, wherein each of 
the first and second plurality of ports is associated with one or more sub- 
interfaces, and wherein each of the virtual circuits is associated with one 
of the sub-interfaces associated with the one of the first plurality of ports 
that the virtual circuit is on, and 

dynamically bind a set of one or more network interfaces of each of 
the virtual network machines to a set of one or more of the sub-interfaces, 
such that each of the virtual circuits is communicatively coupled with one 
of said plurality of virtual network machines based on the subscriber 
record of the subscriber associated with that virtual circuit and such that at 
least some of the virtual network machines are communicatively coupled 
to one of the second plurality of ports, wherein the bindings are 
represented with a plurality of data structures. 

40. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to retrieve the subscriber records from a server that 
runs authentication, authorization, and accounting protocols. 

41. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to change the binding of one of the virtual circuits to a 
different one of said plurality of virtual network machines, wherein the binding change is 
based on the subscriber's subscriber record. 
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42. (Previously Presented) The apparatus of claim 41, wherein the binding change is 
based on time of day. 

43. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub- interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 

bind one of the network interfaces associated with a second of the plurality of 
virtual network machines to a sub-interface for a second virtual circuit associated with the 
first port. 

44. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface for a first virtual circuit associated with a first port of 
one of the first and second plurality of ports, and 

bind another one of the network interfaces associated with the first of the plurality 
of virtual network machines to a sub-interface for a second virtual circuit associated with 
the first port. 
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45. (Previously Presented) The apparatus of claim 39, wherein the set of instructions 
further causes the set of processors to forward, within the network domains to which the 
virtual network machines belong, packets received over the virtual circuits 
communicatively coupled with the virtual network machines out the second plurality of 
ports. 

46. (Previously Presented) The apparatus of claim 45, wherein the second plurality of 
ports is communicatively coupled to different ones of service providers and different 
virtual network machines have access to the different ones of the service providers. 

47. (Previously Presented) An apparatus comprising: 
a single network device including, 

a set of one or more processors; 

a plurality of ports to communicate a plurality of independent information 
flows of packets through the single network device between a plurality of end stations; 
and 

a machine-readable medium having stored therein a set of instructions to 
cause the set of processors to, 

instantiate a plurality of virtual network machines to forward the 
plurality of information flows through the single network device, wherein 
the plurality of virtual network machines are virtually independent but 
share a set of physical resources within the single network device, wherein 
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each of the plurality of virtual network machines is one of a virtual router 
and a virtual bridge, wherein the plurality of virtual network machines 
belong to different network domains with accounting for different 
administrative authorities, wherein each of the virtual network machines 
include one or more network interfaces, and wherein each of the plurality 
of ports is associated with one or more sub-interface data structures, and 
dynamically bind, with a plurality of binding data structures, the 
network interfaces of each of the virtual network machines to different 
ones of the sub-interface data structures to couple each of the plurality of 
information flows to a currently appropriate one of the plurality of virtual 
network machines based on current authorization of that information flow, 
and wherein the bindings are dynamic based on a change in the 
authorization of each of the plurality of information flows. 

48. (Previously Presented) The apparatus of claim 47, wherein the set of instructions 
further causes the set of processors to receive records associated with a plurality of virtual 
circuits, and each of the virtual circuits is communicatively coupled with one of said 
plurality of virtual network machines based on the record associated with that virtual 
circuit. 
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49. (Previously Presented) The apparatus of claim 48, wherein the set of instructions 
further causes the set of processors to retrieve the records from a server that runs 
authentication, authorization, and accounting protocols. 

50. (Previously Presented) The apparatus of claim 48, wherein the set of instructions 
further causes the set of processors to change the binding of one of the virtual circuits to a 
different one of said plurality of virtual network machines, wherein the binding change is 
based on the record associated with the virtual machine. 

51. (Previously Presented) The apparatus of claim 47, wherein the binding change is 
based on time of day. 

52. (Previously Presented) The apparatus of claim 47, wherein the set of instructions 
further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub- interface data structure for a first virtual circuit associated 
with a first port of one of the plurality of ports, and 

bind one of the network interfaces associated with a second of the plurality of 
virtual network machines to a sub-interface data structure for a second virtual circuit 
associated with the first port. 
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53. (Previously Presented) The apparatus of claim 47, wherein the set of instructions 
further causes the set of processors to, 

bind one of the network interfaces associated with a first of the plurality of virtual 
network machines to a sub-interface data structure for a first virtual circuit associated 
with a first port of one of the plurality of ports, and 

bind another one of the network interfaces associated with the first of the plurality 
of virtual network machines to a sub-interface data structure for a second virtual circuit 
associated with the first port. 

54. (Previously Presented) The apparatus of claim 47, wherein the binding change for 
one of the plurality of information flows is based on change in service associated with the 
information flow. 
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